API — Rate Limits
Rate limiting protects the API from abuse and ensures fair resource allocation across all organisations.
Limits
| Scope | Limit | Burst |
|---|---|---|
| Per IP address | 20 requests / second | Up to 100 queued |
Requests that exceed the burst limit receive a 429 Too Many Requests response. Burst requests (up to 100) are queued and processed at the sustained rate rather than being rejected immediately.
✦
Polling patterns
Avoid tight polling loops. For transaction monitoring, use webhooks to receive push notifications instead of polling/api/alerts/events repeatedly. If you must poll, aim for intervals of 30 seconds or longer.Response headers
The API does not currently return Retry-After or X-RateLimit-* headers. If you receive a 429, wait at least 1 second before retrying.
Handling 429s
Implement exponential backoff when you encounter rate limit responses:
typescript
async function fetchWithRetry(url: string, options: RequestInit, retries = 3): Promise<Response> {
for (let attempt = 0; attempt <= retries; attempt++) {
const res = await fetch(url, options)
if (res.status !== 429) return res
if (attempt === retries) throw new Error('Rate limit exceeded after retries')
const delay = Math.pow(2, attempt) * 1000 // 1s, 2s, 4s
await new Promise(r => setTimeout(r, delay))
}
throw new Error('Unexpected retry loop exit')
}